Persistent Warnings Are Causing ‘Security Fatigue’

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined
as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Research from the National Institute of Standards and Technology (NIST) discovered the public is becoming tired of being ‘bombarded’ with alerts to update passwords in the wake of several high profile data breaches and avoid taking action or decide on the easiest option.

If anything, the number of successful attacks on large companies has led many to question whether it is actually possible to prevent such incidents.

Security fatigue

Also causing disillusionment is the requirement to remember multiple login credentials and use additional security measures and many feel they aren’t important enough to be targeted by cyberattacks in the first place.

And even then, they feel as though it’s someone else’s responsibility, such as an employer or retailer, to protect them.

The actual survey intended to find out more about usage habits but the fatigue was evident throughout the research. The authors say the findings are concerning given that more and more valuable data, such as health and banking details, is being stored online.

“We weren’t even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data,” computer scientist and co-author Mary Theofanos said.

“Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven’t really thought about cybersecurity expanding and what it has done to people.”

The authors suggest businesses limit the number of security decisions that end users are required to take, make it simpler for them to pick the right action and allow for consistent decision making. They suggest it will take a team of security experts and psychologists to make the situation better.